General

Target: 3112a331c7c4c716a5e27d43a0efc7139c2cf521d76b9676b948d86e7ea0eccb
Size: 116KB
Sample: 221128-g5zlzsca88
MD5: b39b13caf569ac570efc65f49fa4c24d
SHA1: e8507e6247c05a43f003c7564abb3d5abf250f85
SHA256: 3112a331c7c4c716a5e27d43a0efc7139c2cf521d76b9676b948d86e7ea0eccb
SHA512: b98497359def4422407bcc6f9a987e049c6740ddf987cfd0815be9ca87a37207a87f6800762ce4775c1e5270cd17e979ffaa6cf56f8277c087cc9b75dab67753
SSDEEP: 3072:3Ng3E0nSYcQQPtihc3oQCAlwfSq4o2CwN0:G0HYcX1cc3oQCAlESq/
Static task: static1
Behavioral task: behavioral1
Sample: 3112a331c7c4c716a5e27d43a0efc7139c2cf521d76b9676b948d86e7ea0eccb.exe
Resource: win7-20221111-en
Malware Config

Extracted family: pony

Pony (also tracked as Fareit) is a credential stealer. The URLs below are the gate addresses recovered from its embedded configuration, the endpoints to which harvested credentials are submitted. Several of the paths sit under wp-includes or wp-content directories, which is typical of compromised legitimate WordPress sites rather than attacker-registered domains, so they are best handled as host-plus-path indicators rather than as domains to block outright.

http://ocvitcamap.com/administrator/lib/cheapoakley.php
http://spark-leds.com/upload/images/images.php
http://sapacmold.com/img/t/t.php
http://www.ubikate.mx/wp-includes/images/images.php
http://www.ebouw.nl/wp-includes/pomo/pomo.php
http://www.getserved.nl/wp-content/themes/themes.php
http://www.multiposting.nl/wp-includes/theme-compat/ips_kernel.php
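As an added example (not part of the sandbox report or of the sandbox's own tooling), the following Python helper does the two things a responder usually wants from a report like this: it recomputes the four digests listed under General so a file on disk can be confirmed as this sample, and it turns the gate URLs above into host-plus-path indicators and sweeps proxy-log lines for requests to them. The log format, the client IPs and the timestamps are constructed for the example; the SSDEEP value is not recomputed because that requires the separate ssdeep library.

```python
"""Hypothetical triage helpers for the Pony report above (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Digests copied from the report.
REPORTED_HASHES = {
    "md5": "b39b13caf569ac570efc65f49fa4c24d",
    "sha1": "e8507e6247c05a43f003c7564abb3d5abf250f85",
    "sha256": "3112a331c7c4c716a5e27d43a0efc7139c2cf521d76b9676b948d86e7ea0eccb",
    "sha512": "b98497359def4422407bcc6f9a987e049c6740ddf987cfd0815be9ca87a37207a87f6800762ce4775c1e5270cd17e979ffaa6cf56f8277c087cc9b75dab67753",
}

# Gate URLs copied from the extracted Pony config.
GATE_URLS = [
    "http://ocvitcamap.com/administrator/lib/cheapoakley.php",
    "http://spark-leds.com/upload/images/images.php",
    "http://sapacmold.com/img/t/t.php",
    "http://www.ubikate.mx/wp-includes/images/images.php",
    "http://www.ebouw.nl/wp-includes/pomo/pomo.php",
    "http://www.getserved.nl/wp-content/themes/themes.php",
    "http://www.multiposting.nl/wp-includes/theme-compat/ips_kernel.php",
]


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report. All four must agree before
    a file is treated as this sample; any single mismatch means a different file."""
    computed = hash_bytes(data)
    return {algo: computed[algo] == expected for algo, expected in REPORTED_HASHES.items()}


def gate_indicators(urls) -> set:
    """Turn gate URLs into (host, path) pairs. Matching on both, not on the host
    alone, keeps legitimate traffic to a compromised site from raising alerts."""
    pairs = set()
    for url in urls:
        parsed = urlparse(url)
        pairs.add((parsed.hostname, parsed.path))
    return pairs


# Constructed proxy-log format for this example: "<iso-time> <client-ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")

# Constructed log lines, not real traffic.
SAMPLE_PROXY_LOG = [
    "2022-11-28T10:01:02Z 10.0.0.15 GET http://example.org/index.html 200",
    "2022-11-28T10:01:09Z 10.0.0.15 POST http://sapacmold.com/img/t/t.php 200",
    "2022-11-28T10:02:31Z 10.0.0.22 POST http://www.ebouw.nl/wp-includes/pomo/pomo.php 404",
    "2022-11-28T10:03:00Z 10.0.0.22 GET http://www.ebouw.nl/ 200",
]


def sweep_proxy_log(lines, indicators) -> list:
    """Return one hit per request whose host and path equal a gate URL.
    Pony submits stolen credentials with HTTP POST, so a POST hit is the strongest
    signal; other methods are still reported so the analyst can judge them."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # unparseable line: skip rather than guess
        parsed = urlparse(match["url"])
        if (parsed.hostname, parsed.path) in indicators:
            hits.append({
                "ts": match["ts"], "src": match["src"], "method": match["method"],
                "host": parsed.hostname, "path": parsed.path, "status": match["status"],
            })
    return hits


if __name__ == "__main__":
    for hit in sweep_proxy_log(SAMPLE_PROXY_LOG, gate_indicators(GATE_URLS)):
        print(hit)
```

Two points worth noting from the sample run: the request to http://www.ebouw.nl/ is not reported, because only the path /wp-includes/pomo/pomo.php is the indicator, and the POST that received a 404 is still reported, since the gate having been cleaned up does not change the fact that the client 10.0.0.22 tried to reach it.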
Targets

Target: 3112a331c7c4c716a5e27d43a0efc7139c2cf521d76b9676b948d86e7ea0eccb
Size: 116KB
MD5: b39b13caf569ac570efc65f49fa4c24d
SHA1: e8507e6247c05a43f003c7564abb3d5abf250f85
SHA256: 3112a331c7c4c716a5e27d43a0efc7139c2cf521d76b9676b948d86e7ea0eccb
SHA512: b98497359def4422407bcc6f9a987e049c6740ddf987cfd0815be9ca87a37207a87f6800762ce4775c1e5270cd17e979ffaa6cf56f8277c087cc9b75dab67753
SSDEEP: 3072:3Ng3E0nSYcQQPtihc3oQCAlwfSq4o2CwN0:G0HYcX1cc3oQCAlESq/
Signatures observed for this target:

- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles (stored mail-client credentials are a standard Pony target)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall hive) to enumerate software on the system.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual way to point a suspended thread at injected code (process hollowing or thread hijacking), so treat this as an injection indicator alongside the credential-access signatures above.